Privacy Policy
Effective date: 21 August 2025
Who we are: Policy Brief Media Ltd (“we”, “us”, “our”) operates this website to advertise our conferences and manage event registrations. We are the data controller for the personal data described here.
- Legal entity: Policy Brief Media Ltd (Company No. 16638003)
- Registered office: 124 City Road, London, EC1V 2NX
- Contact (privacy): data@policybrief.co.uk
- Supervisory authority: UK Information Commissioner’s Office (ICO)
---
1) What data we collect
Data you provide
- Identity & contact: name, job title, organisation, work email, phone.
- Registration & attendance: chosen events, ticket type, CPD preferences.
- Accessibility/dietary notes (optional): only if you choose to provide them so we can accommodate needs.
- Billing: purchaser name, billing address, VAT number, purchase order details.
- Comms & feedback: enquiries, emails, call notes, feedback forms, opt-in/opt-out preferences.
Data collected automatically
- Technical: IP address, device, browser, timestamps, pages viewed, basic security logs.
- Cookies: we use only strictly necessary cookies required by our platform and Wix Events to operate login, basket and checkout. We do not set analytics or advertising cookies.
Data from other sources (Article 14, UK GDPR)
- Professional/public sources: public sector websites, published council documents, LinkedIn profiles, conference directories, event partners/referrals, and reputable B2B data suppliers.
- Where we obtain your details indirectly, we provide privacy information at first contact or within one month and include a clear opt-out.
Children/special category data: Our site targets professionals. We do not knowingly collect data about children. We avoid special category data. If you provide accessibility/dietary information that may imply health data, we process it only with your explicit consent and only to deliver the event.
---
2) Why we use your data (purposes) and lawful bases
Purpose | Examples | Lawful basis
- Run and secure the website | Load pages, prevent abuse, essential cookies | Legitimate interests (operate a secure, functional site)
- Event registration & delivery | Create attendee records, send confirmations and joining info, manage waiting lists | Contract (and steps before entering a contract)
- Take payments & prevent fraud | Process payments via Wix Events/Wix Payments and its payment partners; detect misuse | Contract; Legitimate interests; Legal obligation (fraud/financial rules)
- Customer service | Respond to enquiries, support requests | Legitimate interests; Contract
- CPD administration | Track attendance and issue CPD evidence where applicable | Legitimate interests; Legal obligation (if required by a scheme)
- B2B event marketing | Email relevant event updates to work addresses; maintain suppression lists | Legitimate interests (UK GDPR) with PECR compliance for corporate subscribers; Consent where you opt in
- Legal/finance & compliance | Accounts, VAT/tax, record-keeping, responding to legal/ICO requests | Legal obligation; Legitimate interests
- Accessibility needs (optional) | Seating, dietary or access arrangements | Explicit consent (special category data), withdrawable at any time
Marketing: We only send B2B event emails that are relevant to your professional role. Every message identifies us and includes an easy opt-out. If you opt in to specific updates, we rely on consent for those. More information can be found here: policybrief.co.uk/privacy
---
3) Who processes your data for us (sharing)
We use trusted processors that act on our instructions and under contract:
- Wix Events / Wix Payments (Wix.com Ltd.) – registrations, ticketing and checkout. Card details are entered directly with Wix and/or its payment partners; we do not see or store full card numbers.
- Email & productivity: Google Workspace (business email, docs).
- Email delivery/marketing: Mailchimp (for opted-in newsletters/updates) and our own outbound email for B2B updates.
- Accounting & invoicing: QuickBooks (Intuit).
- Cloud hosting/IT/security: hosting and security services as needed.
- Event partners/speakers: limited attendee lists where strictly necessary to deliver sessions (e.g., badge lists, moderated Q&A).
We do not sell personal data. Where the law requires (e.g., tax, fraud prevention, court/ICO requests) we may share data with authorities.
---
4) International transfers
Some suppliers (including Wix) may process data outside the UK. Where they do, we ensure appropriate safeguards (e.g., UK Addendum to Standard Contractual Clauses, or other recognised mechanisms). Contact us for current details.
---
5) Retention
We keep data only as long as needed, then delete or anonymise it.
- Website/server logs: up to 12 months.
- Enquiries & support: 24 months after last contact.
- Marketing contacts (B2B): up to 36 months from last meaningful interaction, or sooner if you opt out.
- Event registration & attendance: 6 years (to handle queries, CPD evidence and contractual claims).
- Invoices/finance: 6 years (legal/tax).
- Accessibility/dietary notes: deleted within 30 days after the event concludes (unless legally required longer).
- Consent records & suppression lists: retained as needed to evidence compliance and honour opt-outs.
---
6) Your rights
You have the right to access, rectify, erase, restrict, object (including to marketing), and portability, and not to be subject to decisions with legal or similarly significant effects based solely on automated processing.
- To exercise rights, email data@policybrief.co.uk.
- We will respond within one month (extendable for complex requests).
- You can opt out of marketing at any time via the link in our emails or by replying “stop”.
You also have the right to complain to the ICO (ico.org.uk, 0303 123 1113). We’d appreciate the chance to resolve concerns first.
---
7) Cookies & similar technologies
We use only strictly necessary cookies to run the site and Wix Events checkout (e.g., to keep your session, basket and security intact).
We do not use analytics or advertising cookies. Blocking essential cookies may break key features, including checkout.
---
8) Security
We apply technical and organisational measures including TLS encryption in transit, access controls, least-privilege access, staff training, and regular processor reviews. No system is perfectly secure, but we work to protect your information.
---
9) Automated decision-making
We do not carry out automated decision-making that produces legal or similarly significant effects.
---
10) Changes to this notice
We may update this notice from time to time. Material changes will be highlighted on this page and, where appropriate, notified by email.
---
11) Contact us
Policy Brief Media Ltd
data@policybrief.co.uk
124 City Road, London, EC1V 2NX